<?php
require_once('admin.php');
require_once( ABSPATH . WPINC . '/registration-functions.php');

$title = __('Users');
$parent_file = 'users.php';
	
$action = $_REQUEST['action'];
$update = '';

assert(!isset($_REQUEST['action']) || isset($_REQUEST['token']));
switch ($action) {

case 'promote':
	check_admin_referer('bulk-users');

	if (empty($_POST['users'])) {
		wp_redirect('users.php');
		exit();
	}

	if ( !current_user_can('edit_users') )
		die(__('You can&#8217;t edit users.'));

	validateToken($_POST['token'], 'users.php', 'deletepromote');
 	$userids = $_POST['users'];
	$update = 'promote';
 	foreach($userids as $id) {
		// The new role of the current user must also have edit_users caps
		if($id == $current_user->id && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) {
			$update = 'err_admin_role';
			continue;
		}

 		$user = new WP_User($id);
 		$user->set_role($_POST['new_role']);
 	}
		
	wp_redirect('users.php?update=' . $update);
	exit();

break;

case 'dodelete':

	check_admin_referer('delete-users');

	if ( empty($_POST['users']) ) {
		wp_redirect('users.php');
		exit();
	}

	if ( !current_user_can('edit_users') )
		die(__('You can&#8217;t delete users.'));

	$userids = $_POST['users'];
	
	validateToken($_POST['token'], 'users.php', 'dodelete', md5(implode(',',$userids)));
	$update = 'del';
 	foreach ($userids as $id) {
		if($id == $current_user->id) {
			$update = 'err_admin_del';
			continue;
		}
 		switch($_POST['delete_option']) {
		case 'delete':
			wp_delete_user($id);
			break;
		case 'reassign':
			wp_delete_user($id, $_POST['reassign_user']);
			break;
		}
	}

	wp_redirect('users.php?update=' . $update);
	exit();
break;

case 'delete':

	check_admin_referer('bulk-users');

	if ( empty($_POST['users']) ) {
		wp_redirect('users.php');
		exit();
	}

	if ( !current_user_can('edit_users') )
		$error['edit_users'] = __('You can&#8217;t delete users.');

	validateToken($_POST['token'], 'users.php', 'deletepromote');
	$userids = $_POST['users'];

	include ('admin-header.php');
?>
<form action="" method="post" name="updateusers" id="updateusers">
<?php wp_nonce_field('delete-users') ?>
<div class="wrap">
<h2><?php _e('Delete Users'); ?></h2>
<p><?php _e('You have specified these users for deletion:'); ?></p>
<ul>
<?php
	$go_delete = false;
 	foreach ($userids as $id) {
 		$user = new WP_User($id);
		if ($id == $current_user->id) {
			echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n";
		} else {
			echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
			$go_delete = true;
			$token_id_array[]=$id;
		}
 	}
	$all_logins = $wpdb->get_results("SELECT DISTINCT ID, user_login FROM $wpdb->users, $wpdb->usermeta WHERE blog = '$blog' and ID = user_id ORDER BY user_login");
 	$user_dropdown = '<select name="reassign_user">';
 	foreach ($all_logins as $login) {
		if ( $login->ID == $current_user->id || !in_array($login->ID, $userids) ) {
 			$user_dropdown .= "<option value=\"{$login->ID}\">{$login->user_login}</option>";
 		}
 	}
 	$user_dropdown .= '</select>';
 	?>
 	</ul>
<?php if($go_delete) : ?>
 	<p><?php _e('What should be done with posts and links owned by this user?'); ?></p>
	<ul style="list-style:none;">
		<li><label><input type="radio" id="delete_option0" name="delete_option" value="delete" checked="checked" />
		<?php _e('Delete all posts and links.'); ?></label></li>
		<li><input type="radio" id="delete_option1" name="delete_option" value="reassign" />
		<?php echo '<label for="delete_option1">'.__('Attribute all posts and links to:')."</label> $user_dropdown"; ?></li>
	</ul>
	<input type="hidden" name="action" value="dodelete" />
	<p class="submit"><input type="submit" name="submit" value="<?php _e('Confirm Deletion'); ?>" /></p>
<?php else : ?>
	<p><?php _e('There are no valid users selected for deletion.'); ?></p>
<?php endif; ?>
</div>
<?php echo tokeninput('users.php', 'dodelete', md5(implode(',',$token_id_array)) )?>
</form>
<?php

break;

case 'search':

	$filter = array_key_exists('filter', $_REQUEST) ? mysql_real_escape_string($_REQUEST['filter']) : '';

	if ($filter != '' ) {
		$filter = "%$filter%";

		$users_without_privileges = $wpdb->get_col( //PEAK
			"SELECT DISTINCT ID
			FROM $wpdb->users
				INNER JOIN $wpdb->usermeta um_filter  ON (ID  = um_filter.user_id  )
				INNER JOIN $wpdb->usermeta um_exclude ON (ID != um_exclude.user_id )
			WHERE
				( um_exclude.blog = '$blog' ) AND 
				( user_login LIKE '$filter' OR 
					( um_filter.meta_key = 'first_name' AND um_filter.meta_value LIKE '$filter' ) OR 
					( um_filter.meta_key = 'last_name'  AND um_filter.meta_value LIKE '$filter' )
				)
			LIMIT 20;");

		$user_objects = array();
		foreach($users_without_privileges as $userid) {
			$user_objects[] = new WP_User($userid);
		}
  
	} else {
		$users_without_privileges = 0;
	}

	ob_start();

	if (!$users_without_privileges) {
	?>
		<tr><td><strong>No results found.</strong></td></tr>
	<?php } else { ?>
		<tr>
		<th><?php _e('ID') ?></th>
		<th><?php _e('Username') ?></th>
		<th><?php _e('Name') ?></th>
		<th><?php _e('Website') ?></th>
		<th><?php _e('Posts') ?></th>
		</tr>
		<?php
		$style = '';
		foreach ($user_objects as $user_object) {
			if (1 == $user_object->user_admin)
				continue;
			$disabled = ($current_user->id==$user_object->ID ) 
				? " disabled = 'disabled'"
				: " ";
			$email = $user_object->user_email;
			$url = $user_object->user_url;
			$short_url = str_replace('http://', '', $url);
			$short_url = str_replace('www.', '', $short_url);
			if ('/' == substr($short_url, -1))
				$short_url = substr($short_url, 0, -1);
			if (strlen($short_url) > 35)
			$short_url =  substr($short_url, 0, 32).'...';
			$style = ('class="alternate"' == $style) ? '' : 'class="alternate"';
			$numposts = $wpdb->get_post_var("COUNT(DISTINCT $wpdb->posts.ID)", "post_author = '$user_object->ID' and post_status = 'publish'");
			if (0 < $numposts) $numposts = "<a href='edit.php?b=$blogdata->slug&amp;author=$user_object->ID' title='" . __('View posts') . "'>$numposts</a>";
			echo "
		<tr $style>
		<td><input type='checkbox' name='users[]' id='user_{$user_object->ID}' value='{$user_object->ID}' $disabled /> <label for='user_{$user_object->ID}'>{$user_object->ID}</label></td>
		<td><label for='user_{$user_object->ID}'><strong>$user_object->user_login</strong></label></td>
		<td><label for='user_{$user_object->ID}'>$user_object->first_name $user_object->last_name</label></td>
		<td><a href='$url' title='website: $url'>$short_url</a></td>";
			echo "<td align='right'>$numposts</td>";
			echo '</tr>';
		}
  }
  
  $users_without_privileges_table = ob_get_contents();
  
  ob_end_clean();
  
  if (array_key_exists('called_from_ajax', $_GET)) {
		echo '<table cellpadding="3" cellspacing="3" width="100%" id="noprivs">';
    echo $users_without_privileges_table;
		echo '</table>';
    exit();
  }
  
default:
	
	include ('admin-header.php');
	
	$userids = $wpdb->get_col("SELECT DISTINCT u.ID FROM $wpdb->users u, $wpdb->usermeta um WHERE um.blog = '$blog' and u.ID = um.user_id ORDER BY u.user_registered DESC;");
	
	foreach($userids as $userid) {
		$tmp_user = new WP_User($userid);
		$roles = $tmp_user->roles;
		$role = array_shift($roles);
		$roleclasses[$role][$tmp_user->user_login] = $tmp_user;
	}	
	
	?>

	<script src="<?php echo SRCROOT ?>/wp-includes/js/prototype.js" type="text/javascript"></script>

	<?php 
	if (isset($_GET['update'])) : 
		switch($_GET['update']) {
		case 'del':
		?>
			<div id="message" class="updated fade"><p><?php _e('Privileges revoked.'); ?></p></div>
		<?php
			break;
		case 'add':
		?>
			<div id="message" class="updated fade"><p><?php _e('New user created.'); ?></p></div>
		<?php
			break;
		case 'promote':
		?>
			<div id="message" class="updated fade"><p><?php _e('Changed roles.'); ?></p></div>
		<?php
			break;
		case 'err_admin_role':
		?>
			<div id="message" class="error"><p><?php _e("The current user's role must have user editing capabilities."); ?></p></div>
			<div id="message" class="updated fade"><p><?php _e('Other user roles have been changed.'); ?></p></div>
		<?php
			break;
		case 'err_admin_del':
		?>
			<div id="message" class="error"><p><?php _e("You can't delete the current user."); ?></p></div>
			<div id="message" class="updated fade"><p><?php _e('Other users have been deleted.'); ?></p></div>
		<?php
			break;
		}
	endif; 
	if ( isset($errors) ) : ?>
	<div class="error">
		<ul>
		<?php
		foreach($errors as $error) echo "<li>$error</li>";
		?>
		</ul>
	</div>
	<?php 
	endif;
	?>
	
<?php 
	wp_nonce_field('bulk-users'); 
	krsort($roleclasses);
	foreach($roleclasses as $role => $roleclass) {
		uksort($roleclass, "strnatcasecmp");
		foreach ($roleclass as $user_object) {
			echo "<option value='$user_object->ID'>$user_object->user_log </option>";
			//$user_object->first_name $user_object->last_name</label></td>
			//$email = $user_object->user_email;
		}
	}
?>
